CVE-2017-10385
https://notcve.org/view.php?id=CVE-2017-10385
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Oracle GlassFish Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GlassFish Server. • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/101360 http://www.securitytracker.com/id/1039606 •
CVE-2017-10393
https://notcve.org/view.php?id=CVE-2017-10393
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Oracle GlassFish Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GlassFish Server. • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/101364 http://www.securitytracker.com/id/1039606 •
CVE-2017-10391
https://notcve.org/view.php?id=CVE-2017-10391
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Oracle GlassFish Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GlassFish Server. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/101347 http://www.securitytracker.com/id/1039606 •
CVE-2017-1000030
https://notcve.org/view.php?id=CVE-2017-1000030
Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Java Key Store Password Disclosure vulnerability, that makes it possible to provide an unauthenticated attacker plain text password of administrative user and grant access to the web-based administration interface. Oracle, GlassFish Server Open Source Edition versión 3.0.1 (build 22), es susceptible a la vulnerabilidad de divulgación de contraseña de Key Store de Java, lo que hace posible proporcionar al atacante no autenticado una contraseña de texto plano de usuario administrativo y conceder acceso a la interfaz de administración basada en web. • https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-011/?fid=8037 • CWE-287: Improper Authentication •
CVE-2017-1000029
https://notcve.org/view.php?id=CVE-2017-1000029
Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Local File Inclusion vulnerability, that makes it possible to include arbitrary files on the server, this vulnerability can be exploited without any prior authentication. Oracle, GlassFish Server Open Source Edition versión 3.0.1 (build 22), es susceptible a la vulnerabilidad de Inclusión de Archivos Locales, que hace posible incluir archivos arbitrarios en el servidor, esta vulnerabilidad puede ser explotada sin ninguna autenticación previa. • https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-011/?fid=8037 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •